Tacacs+ and F5

Question

Hi all,&nbsp;
I'm hoping someone can help me with z small problem I have.&nbsp;
My F5's are using TACACS for admin authentication, role based access etc and it's working a treat.&nbsp;
My problem is that when the TACACS requests hits the Cisco ACS 5.7 the rem_addr portion of the TACACS request is empty.&nbsp;
Why is this a problem ?, we use service accounts for tools to access the F5's and for compliance reason we need to be able to restrict from where this service account can be used.&nbsp;
So on the ACS application the service account is locked down to only work if the login attempt originates from a specific IP address.&nbsp;
Now as the F5 does not fill in the rem_addr portion of the TACACS request the access is denied.&nbsp;
Does anyone know if there is a way of making the F5 fill in the rem_addr part of the TACACS request ? Or is it simply a case of the F5's not being able to do it ?&nbsp;
The rem_addr is an optional field in the TACACS+ packet so I am wondering if F5 just never bothered with it.&nbsp;
Thanks in advance&nbsp;
Rich&nbsp;

ravi_k__malhotr · Answer

i do not have an exact answer for you, but would like you to focus on iRules, may be it can help you.&nbsp;

boneyard · Answer

not really seeing how iRules would help, or you must suggest trying to change the tacacs+ message on tcp level, which is perhaps a bit extreme. but for the question i think support my be the best way to go.

Forum Discussion

Tacacs+ and F5

2 Replies

Recent Discussions

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Related Content

TACACS+ Remote Role Configuration for BIG-IP

Where are F5's archived deployment guides?

F5 Distributed Cloud - Listener Logic

F5 Python SDK Overview

API Gateway Mapping - Gartner - F5